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Amendments to the Claims 
This listing of claims will replace all prior versions and listings of claims in the application. 

1 . (Currently Amended) A method of managing operational risk for an organization, 
the method comprising: 

identifying at least one failure mode for a function of the organization; 

identifying , using a computing platform, at least one cause and at least one effect for at 
least one of the at least one failure mode; 

acquirin g, using the computing platform, r atings associated with the at least ofle cause 
and the at lea:st one effect; 

permutin g, using the computing platform, t he at least one failure mode, the at least one 
cause, and the at least one effect to define at least two risk items; arid 

producing , using the computing platform, a risk prioritization report of the at least two 
risk items based at least in part on the ratings associated with the at least one cause and the at 
least one effec t, the ratine:s comprising: 

a severity rating and a response rating associated with each of the at least 
one effect: and 

an occurrence rating and a detection rating associated with each of the at 

least one cause: and 
wherein the producing of the risk prioritization report comprises: 

calculating a criticality based on the severity rating and the occurrence rating: 

calculating a risk priority number based On the severity rating, the occurrence 
rating and the detection rating; and 

calculating an adjusted criticality based on the criticality. the severity rating, and 
the response rating . 

2. (Original) The method of claim 1 further comprising: 

recording a mitigation plan associated with at least one of the at least two risk items in 
the risk prioritization report; and 

tracking implementation of the mitigation plan. 
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3-4. (Cancelled) 

5. (Currently Amended) The method of claim i[[4]] further comprising: 
determining whether the at least one effect is related to at least one of a group consisting 
of compliance and strategic planning; 

wherein the producing of the risk prioritization report further comprises determining 
whether each of the at least two risk items represents at least one of a group consisting of a 
compliance related risk, a strategic planning related risk, a hidden factory, and a tail event. 

6-8. (Cancelled) 

9. (Original) The method of claim 1 further comprising: 

acquiring failure mode likelihoods associated with the at least one failure mode for the 
function; and 

validating the ratings using the failure mode likelihoods. 

1 0. (Original) The method of claim 2 further comprising: 

acquiring failure mode likelihoods associated with the at least one failure mode for the 
function; and 

validating the ratings using the failure mode likelihoods. 
11-12. (Cancelled) 

13. (Original) The method of claim 1 further comprising validating the ratings using 
historical data. 

14-16. (Cancelled) 
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1 7. (Original) The method of claim 1 wherein the producing of the risk prioritization 
report further comprises quantifying at least some of the risk items based on financial data. 

1 8. (Original) The method of claim 5 wherein the producing of the risk prioritization 
report further comprises quantifying at least some of the risk items based on financial data. 

19-20. (Cancelled) 

21 . (Original) The method of claim 1 further comprising determining a stability ratio, 
wherein the stability ratio represents a comparison of one of a nviftiber of priority risk items and a 
number of non-priority risk items to a total nuihber of risk items. 

22. (Origmal) The method of claim 2 wherein the method further comprises 
determining a stability ratio, wherein the stability ratio represents a comparison of one of a 
number of priority risk items and a number of non-priority risk items to a total number of risk 
items and the tracking of the implementation of the mitigation plan fiarther comprises tracking a 
stability ratio. 

23. (Currently Amended) A computer program product comprising a computer 
readable medium with a computer program embodied therein for facilitating risk assessment and 
control for an organization, the computer program comprising: 

instructions for identifying failure modes for at least one function of the organization; 
instructions for identifying at least one cause and at least one effect for each failure 

mode; 

instructions for acquiring ratings associated with the at least one cause and the at least 
one effect; 

instructions for permutmg the failure modes, the at least one cause, and the at least one 
effect to define risk items; and 
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instructions for producing a risk prioritization report of the risk items based at least in 
part on the ratings associated with the at least one cause and the at least one effect for each 
failure mod e, the ratings comprising: 

a severity rating and a response rating associated with each of the at least 
one effect: and 

an occurrence rating and a detection rating associated with each of the at 

least one cause, and 
wherein the instructions for producing the risk prioritization report comprises: 

instructions for calculating a criticality based on the severity rating and the 
occurrence rating: 

instructions for calculating a risk priority number based on the severity rating, the 
occurrence rating and the detection rating; and 

instructions for calculating an adjusted criticality based on the criticality. the 
severity rating, and the response rating . 

24. (Original) The computer program product of claim 23 wherein the computer 
program further comprises: 

instructions for recording a mitigation plan associated with at least one of the risk items 
in the risk prioritization report; and 

instructions for tracking implementation of the mitigation plan. 

25-26. (Cancelled) 

27. (Currently Amended) The computer program product of claim 23_[[26]] wherein 
the computer program further comprises: 

instructions for determining whether the at least one effect is related to at least one of a 
group consisting of compliance and strategic planning; 

wherein the instructions for producing of the risk prioritization report further comprise 
instructions for determining whether each of the risk items represents at least one of a group 
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consisting of a compliance related risk, a strategic planning related risk, a hidden factory, and a 
tail event. 

28-30. (Cancelled). 

3 1 . (Original) The computer program product of claim 23 wherein the computer 
program fUrther comprises: 

instructions for acquiring failure mode likelihoods associated with the at least one 
failure mode for the functioft; and 

instructions for validating the ratings using the failure mode likelihoods. 

32. (Original) The computer program product of claim 24 wherein the computer 
program further comprises: 

instructions for acquiring failure mode likelihoods associated with the at least one 
failure mode for the function; and 

instructions for validating the ratings using the failure mode likelihoods. 

33-34. (Cancelled) 

35. (Original) The computer program product of claim 23 wherein the computer 
program further comprises instructions for validating the ratings using historical data. 

36-38. (Cancelled) 

39. (Original) The computer program product of claim 23 wherein the instructions 
for producing the risk prioritization report farther comprise instructions for quantifying at least 
some of the risk items based on financial data. 
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40. (Original) The computer program product of claim 27 wherein the instructions 
for producing the risk prioritization report further comprise instructions for quantifying at least 
some of the risk items based on financial data. 

41-42. (Cancelled) 

43. (Original) The computer program product of claim 23 wherein the computer 
program further comprises instructions for determining a stability ratio, wherein the stability 
ratio represents a comparison of one of a number of priority risk items and a number of non- 
priority risk items to a total number of risk items. 

44. (Original) The computer program product of claim 24 wherein the computer 
progrmn further comprises instructions for determining a stability ratio, wherein the stability 
ratio represents a comparison of one of a ntunber of priority risk items and a number of non- 
priority risk items to a total number of risk items and the instructions for tracking the 
implementation of the mitigation plan further comprise instructions for tracking a stability ratio. 

45. (Currently Amended) Apparatus for facilitating risk management for an 
organization, the apparatus comprising: 

a computing platform : 

means for identifying failure modes for at least one function of the organization; 
means for identifying at least one cause and at least one effect for each failure mode; 
means for acquiring ratings associated with the at least one cause and the at least one 

effect; 

means for permuting the failure modes, the at least one cause, and the at least one effect 
to define risk items; and 

means for producing a risk prioritization report of the risk items based at least in part on 
the ratings associated with the at least one cause and the at least one effect for each failure mode^ 
the ratings comprising: 
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a severity rating and a response rating associated with each of the at least 
one effect: and 

an occurrence rating and a detection rating associated with each of the at 
least one cause: and 
wherein the means for producing the risk prioritization report comprises: 

means for calculating a criticalitv based on the severity rating and the occurrence 

rating: 

means for calculating a risk priority number based on the severity rating, the 
occurrence rating and the detection rating: and 

means for calculating an adjusted criticalitv based on the criticalitv, the severity 
rating, and the response rating . 

46. (Original) The apparatus of claim 45 further comprising: 

means for recording a mitigation plan associated with at least one of the risk items in the 
risk prioritization report; and 

means for tracking implementation of the mitigation plan. 

47. (Original) The apparatus of claim 45 further comprising: 

means for acquiring failure mode likelihoods associated with the at least one failure 
mode for the function; and 

means for validating the ratings using the failure mode likelihoods. 

48. (Original) The apparatus of claim 46 further comprising: 

means for acquiring failure mode likelihoods associated with the at least one failure 
mode for the function; and 

means for validating the ratings using the failure mode likelihoods. 

49. (Original) The apparatus of claim 45 further comprising means for vaUdating the 
ratings using historical data. 
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50. (Original) The apparatus of claim 46 fiirther comprising means for validating the 
ratings using historical data. 

5 1 . (Original) The apparatus of claim 47 further comprising means for validatirig the 
ratings using historical data. 

52. (Original) The apparatus of claim 48 further comprising means for validating the 
ratings using historical data. 

53. (Original) The apparatus of claim 45 further comprising means for determining a 
stability ratio, wherein the stability ratio represents a comparison of one of a nvimber of priority 
risk items and a nimiber of non-priority risk items to a total number of risk items. 

54. (Currently Amended) A system for facilitating risk assessment and control for an 
organization comprising: 

a computing platform having computer program code embodied therein, the computer 
program code comprising: 

at least one analysis module to identify causes and effects associated with failure modes 
of at least one function of the organization and acquire ratings associated with the causes and 
effects; 

at least one data store operationally coimected to at least some of the at least one analysis 
module to store failure modes, causes, effects, and ratings; and 

at least one calculation module operationally coimected to the at least one data store to 
permute the failure modes, causes and effect to define risk items and produce a risk prioritization 
report of the risk items based at least in part on the ratings , wherein the ratings comprise: 
a severity rating and a response rating associated vyith each effect; and 
an occurrence rating and a detection rating associated with each cause, and 
wherein the at least one calculation module is operable to calculate a criticality based on 
the severity rating and the occurrence rating, a risk priority number based on the severity rating^ 
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the occurrence rating and the detection rating, and an adjusted criticality based on the criticality, 
the severity rating, and the response rating . 

55-56. (Cancelled) 

57. (Currently Amended) The system of claim 54 [[56]] wherein the at least one 
calculation module is operable to determine whether each of the risk items represents at least one 
of a group consisting of a compliance related risk, a strategic planning related risk, a hidden 
factory, and a tail event. 

58. (Original) The system of claim 54 further comprising a data validation module 
operationally connected to the at least one data store, the data validation module operable to 
validate ratings at least in part using historical data. 

59. (Original) The system of claim 54 further comprising a risk data quantification 
module operationally connected to the at least one data store, the risk data quantification module 
operable to quantify ratings based at least in part on financial data. 

60-63. (Cancelled) 

64. (Original) The system of claim 57 further comprising a data validation module 
operationally coimected to the at least one data store, the data validation module operable to 
validate ratings at least in part using historical data. 

65. (Original) The system of claim 57 further comprising a risk data quantification 

module operationally connected to the at least one data store, the risk data quantification module 
operable to quantify ratings based at least in part on financial data. 

66. (Original) The system of claim 54 further comprising an operational interface to 
a risk meta-modeling system. 
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67, (Original) The system of claim 58 further comprising an operational interface to 
a risk meta-modeling system. 

68. (Original) The system of claim 59 further comprising an operational interface to 
a risk meta-modeling system. 

69-70. (Cancelled) 

71 . (Original) The system of claim 54 further comprising a stability analysis module 
operationally connected to the at least one calculation module to determine a stability ratio, 
wherein the stability ratio represents a comparison of One of a number of priority risk items and a 
number of non-priority risk items to a total number of risk items, 
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